2

I'm trying to make a sign up wizard that will be 3 pages, but I'm not sure how I can pass the data between the pages.

At first I tried using return RedirectToAction("New", "Authentication", newUser);, where newUser was the instance of the user which contains the initial first page info (which is their OpenId identifier and any extra meta data which the provider has provided.)

When I did this, I noticed all the data (which existed) was in the query string HEADER:

Request URL:http://localhost:1200/Account/New?UserId=0&OpenIds=System.Collections.Generic.List%601%5BSystem.String%5D
Request Method:GET
Status Code:200 OK

This makes me worried that it could be open to serious attack/abuse, especially if the openId identifier is there (not to mention that the OpenId value is incorrect, it didn't serialize the IList<string> correctly.)

So does anyone have any suggestions?

HaskellElephant
  • 9,819
  • 4
  • 38
  • 67
Pure.Krome
  • 84,693
  • 113
  • 396
  • 647

5 Answers5

1

I ended up using TempData to store the data between requests. And I also used TempData.Keep() to make sure it's sticky for one more request for error handling, when I need to show some error message.

Pure.Krome
  • 84,693
  • 113
  • 396
  • 647
0

For RedirectToAction you need to pass the object AND the name for the route:

return RedirectToAction("New", "Authentication", new { id=newUser});

Also see "How to RedirectToAction..."

Community
  • 1
  • 1
Chris S
  • 64,770
  • 52
  • 221
  • 239
0

Can you use the ViewData or ViewBag objects for temp storage until you get through all 3 steps?

Ed DeGagne
  • 3,250
  • 1
  • 30
  • 46
0

In Steve Sanderson's book on MVC 2, it discusses this topic in detail and has a working example of how to pass data back and forth between wizard steps.

I would buy the book and look at the solution in there.

Edit:

As stated in a comment, read the sample on Page 477, chapter 13. It covers your problem.

Why is this valid as an answer, as opposed to a comment?:

People scanning through myriad threads will find a direct reference to how to solve wizard issues.

Comments are easily ignored, and overlooked, by a stressed developer trying to find the solution to a problem.

awrigley
  • 13,481
  • 10
  • 83
  • 129
  • Sh!t! i have that book (in pdf format). time to check it out :) – Pure.Krome Mar 02 '11 at 22:56
  • 1
    Linking to a book doesn't answer his question. – ZippyV Mar 03 '11 at 08:44
  • 1
    Even if the book has a detailed example showing exactly how to solve the issue? You cannot be serious. – awrigley Mar 03 '11 at 08:47
  • 1
    Yes, he's serious. You could have posted this as a comment. Pointing to a book and saying "read it" is not an answer. It is almost the same as telling him to "google it". The least you could do is provide an example if you are going to post an "answer". Otherwise keep it as a comment. That being said, it is a good resource. I read this book cover to cover and it has a nice example of using a wizards on page 477 (chapter 13) – CatDadCode Mar 03 '11 at 22:55
  • @Chevex - thanks mate. I was trying to find where he handled Wizards in it but couldn't. – Pure.Krome Mar 04 '11 at 01:19
  • @Chevex: no way is that like telling someone to google for the answer. You just search the index for "Wizard" and you find it. I guess Goebbels was serious too... – awrigley Mar 04 '11 at 09:55
  • "Comments are easily ignored, and overlooked" That is anecdotal opinion. I read all comments and all answers on my questions. But I expect answers to be actual answers to my problem, not a mid-way station with a reference to where I might find the answer. – CatDadCode Mar 04 '11 at 15:48
  • Yours is certainly the more anecdotal of the two opinions: I read... I expect... I, I, I. More than anecdotal, subjective. My answer answers the question and the person asking the question used it to find a solution to their problem. I call that an objective and practical and valid answer to the question. As in the proof is in the eating. With that I rest my case. – awrigley Mar 04 '11 at 16:33
-1

I would keep this information in the Session object.

Session["UserObject"] = MyUserObject

Then retrieve it with

var myUser = Session["UserObject"] as MyUserClass;

Chris James
  • 11,571
  • 11
  • 61
  • 89
  • @Qui - and use what to bounce back/forth between the sign up pages? – Pure.Krome Mar 02 '11 at 11:38
  • 1
    RedirectToAction should still work here: save the object in session, redirect, read it back in the new controller. You won't need to pass parameters to the action if they can read all their state from the session. – Rup Mar 02 '11 at 11:43
  • 1
    It's hard to tell without knowing the full problem. I assume in these three stages you are gradually building up information to compile a "User" object? If that's the case you would do checks on the retrieved object as you hit a step. So if address details are a 3rd step thing and it appears on the 2nd, remove them from the object, if neccessary – Chris James Mar 02 '11 at 11:44
  • @qui - correct. i'm building up the user object. What about some TempData stuff? Is that an option? – Pure.Krome Mar 02 '11 at 12:00
  • Very easy to break tabs or the back button. Storing the state of a wizard in the session is rarely a good idea. – CodesInChaos Mar 02 '11 at 13:52